On 2018-01-20 16:08, Joris (ideeel) wrote:
> hi list
> 
> I run a webservice (and a mail service). All websites run under the
> same UID of apa...@webserver.domain.com. I know, not ideal, but I
> cannot change that bit. Problem is that if one site gets hacked, user
> apache starts sending spam with no way to figure out which website is
> misbehaving. Thus we are going to enforce websites to use SASL-auth.
> 
> Now the remaining problem is that, even with SMTP-auth, the MAIL FROM
> username sometimes is still apache. I know gmail rewrites the envelope
> sender and the header sender based on the login name, but I have not
> been able to find how to do this in postfix (canonical_classes does
> not seem to help me here). I cannot really reject the mail using
> reject_authenticated_sender_login_mismatch because the mails will be
> sent back to the apache user with again no knowledge of the true
> sender.

Maybe I am not getting something but if you force different SASL-auth
for each website you will have the offending username in the logs.


> 
> hope you can give me some pointers or documentation how I can solve this :)
> 
> best
> Joris


I had exactly the same problem when one of the websites I was hosting got
hacked, and I also wanted to prevent the situation where my user is hacked
(malware) and starts sending emails with a matching envelope sender but
forging the From header. I ended up using vrfydmn like this:

/usr/bin/python /usr/local/sbin/vrfydmn -F -u vrfydmn -g vrfydmn \
    -s inet:10072@127.0.0.1 -p /var/run/vrfydmn/vrfydmn.pid

I reject emails from users that try to send them with an envelope sender
that they don't own, so in my case Postfix makes sure that the
envelope sender is OK (reject_sender_login_mismatch), and then vrfydmn
makes sure that From: matches.

In your case you can (apparently) force PHP to use a fixed envelope-from
address. Then you can use this milter to fix the From: address. Have a look,
it might be what you need.


https://github.com/croessner/vrfydmn

Karol


--
Karol Augustin
ka...@augustin.pl
http://karolaugustin.pl/
+353 85 775 5312

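Added example, not part of the original thread: once every website authenticates with its own SASL login, the Postfix log ties each queue ID to a login, so the misbehaving site can be read off even when the envelope sender is still apache. The log lines below are constructed samples in Postfix's usual syslog format, and the sketch assumes each login name equals the one address that site owns (on a real server smtpd_sender_login_maps defines ownership).

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Jan 20 16:01:02 mail postfix/smtpd[2101]: 3F2A11C0E1: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=site-a@webserver.example
Jan 20 16:01:02 mail postfix/qmgr[900]: 3F2A11C0E1: from=<apache@webserver.example>, size=2210, nrcpt=1 (queue active)
Jan 20 16:01:05 mail postfix/smtpd[2101]: 4A1B22D0F2: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=site-a@webserver.example
Jan 20 16:01:05 mail postfix/qmgr[900]: 4A1B22D0F2: from=<apache@webserver.example>, size=2198, nrcpt=1 (queue active)
Jan 20 16:02:10 mail postfix/smtpd[2104]: 5C3D33E1A3: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=site-b@webserver.example
Jan 20 16:02:10 mail postfix/qmgr[900]: 5C3D33E1A3: from=<site-b@webserver.example>, size=901, nrcpt=1 (queue active)
Jan 20 16:03:30 mail postfix/smtpd[2101]: 6D4E44F2B4: client=localhost[127.0.0.1], sasl_method=PLAIN, sasl_username=site-a@webserver.example
Jan 20 16:03:30 mail postfix/qmgr[900]: 6D4E44F2B4: from=<site-a@webserver.example>, size=1033, nrcpt=1 (queue active)
Jan 20 16:04:00 mail postfix/smtpd[2110]: 7E5F55A3C5: client=mx.example.net[192.0.2.10]
Jan 20 16:04:00 mail postfix/qmgr[900]: 7E5F55A3C5: from=<someone@example.net>, size=4100, nrcpt=1 (queue active)
"""

SMTPD_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=.*\bsasl_username=(\S+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")

def attribute_senders(log_text):
    """Map each authenticated queue ID to (sasl_username, envelope_sender)."""
    login, sender = {}, {}
    for line in log_text.splitlines():
        if m := SMTPD_RE.search(line):
            login[m.group(1)] = m.group(2).rstrip(",")
        elif m := QMGR_RE.search(line):
            # qmgr logs from= again on every retry; keep the first occurrence.
            sender.setdefault(m.group(1), m.group(2))
    return {qid: (user, sender.get(qid)) for qid, user in login.items()}

def summarize(log_text):
    """Per-login message counts, plus envelope senders a login used that are not its own."""
    counts, foreign = Counter(), defaultdict(set)
    for user, env_from in attribute_senders(log_text).values():
        counts[user] += 1
        # Assumption: a login owns exactly the address equal to its name.
        if env_from is not None and env_from.lower() != user.lower():
            foreign[user].add(env_from)
    return counts, dict(foreign)

if __name__ == "__main__":
    counts, foreign = summarize(SAMPLE_LOG)
    for user, n in counts.most_common():
        print(f"{user}: {n} message(s), foreign senders: {sorted(foreign.get(user, []))}")
```

A login with a high count and an entry in the foreign-sender set is the site to investigate first; unauthenticated deliveries such as the last sample message are left out of the attribution.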